[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Re: Does Debian need to enforce a better Security policy for packages?

On Mon, Oct 22, 2001 at 06:46:19PM +0200, Javier Fern?ndez-Sanguino Pe?a wrote:
> 	I just made an empty package with dh_make with only a postinst
> having 'rm -rf /'. Lintian says:
> $ lintian test-rm*deb
> E: test-rm: description-is-dh_make-template
> E: test-rm: helper-templates-in-copyright
> W: test-rm: readme-debian-is-debmake-template
> W: test-rm: unknown-section unknown

Lintian only checks for mistakes. If you make it try to check for
maliciousness, then the malicious packager will just make his/her trojan
more obscure to foil it - thus making it harder for the casual observer
to tell that there's a trojan there.

This is a social problem. I don't think a purely technical solution is

Colin Watson                                  [cjwatson@flatline.org.uk]

Reply to: